Stripe.Webhook (stripity_stripe v2.17.2) View Source
Creates a Stripe Event from webhook's payload if signature is valid.
Link to this section Summary
Functions
Verify webhook payload and return a Stripe event.
Link to this section Functions
construct_event(payload, signature_header, secret, tolerance \\ 300)
View SourceSpecs
construct_event(String.t(), String.t(), String.t(), integer()) :: {:ok, Stripe.Event.t()} | {:error, any()}
Verify webhook payload and return a Stripe event.
payload
is the raw, unparsed content body sent by Stripe, which can be
retrieved with Plug.Conn.read_body/2
. Note that Plug.Parsers
will read
and discard the body, so you must implement a custom body reader if the
plug is located earlier in the pipeline.
signature
is the value of Stripe-Signature
header, which can be fetched
with Plug.Conn.get_req_header/2
.
secret
is your webhook endpoint's secret from the Stripe Dashboard.
tolerance
is the allowed deviation in seconds from the current system time
to the timestamp found in signature
. Defaults to 300 seconds (5 minutes).
Stripe API reference: https://stripe.com/docs/webhooks/signatures#verify-manually
Example
case Stripe.Webhook.construct_event(payload, signature, secret) do
{:ok, %Stripe.Event{} = event} ->
# Return 200 to Stripe and handle event
{:error, reason} ->
# Reject webhook by responding with non-2XX
end